【安全通报】用友NC反序列化远程命令执行漏洞

Author:



概况 用友NC产品是面向集团企业的世界级高端管理软件,市场占有率在同类产品中已经达到亚太第一,已在8000家集团企业中应用,国内用户涵盖大多数关键基础设施运营单位。用友NC综合利用最新的互联网技术、云计算技术、移动应用技术等,通过构建大企业私有云来全面满足集团企业管理、全产业链管控和电子商务运营,成为大型集团企业生产运营中必备的一环,其安全性至关重要,一旦攻击者成功攻破该系统,不仅可以获取企业集团财务人员相关信息和运行数据,极易造成公司重要信息泄露,给公司带来极其不良的社会影响和经济损失;而且还可以作为突破口,进一步向基础设施运营企业的生产运营网络渗透,严重危害基础设施网络的生产安全。….



Source link

Write a comment:
*

Your email address will not be published.

RELATED STORIES
Category CERT-LatestNews Cryptography ThreatsCybercrime VulnerabilitiesAll VulnerabilitiesCrypto

Improper Verification of Cryptographic Signature in tough library

July 13, 2020
. Security Advisory. This security advisory describes one high risk vulnerability. 1) Improper Verification of...
Tags , , , , , , , , , ,
Read More
Category APPLE VulnerabilitiesAll VulnerabilitiesApple VulnerabilitiesVMWare

CVE-2020-3974 VMware Fusion、VMware Remote Console和VMware Horizon Client 安全漏洞 -漏洞情报、漏洞详情、安全漏洞、CVE

July 13, 2020
|漏洞详情 VMware Fusion等都是美国威睿(VMware)公司的产品。VMware Fusion是一套专用于在苹果机(Mac)上运行Windows应用程序的的虚拟机软件。VMware Remote Console是一款远程控制台应用程序。VMware Horizon Client是一款用于连接VMware Horizon虚拟桌面的客户端应用程序。 VMware Fusion 11.5.5之前的11..x版本、VMware Remote Console(Mac)11.2.0及之前的11.x版本和Horizo??n Client...
Tags , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Read More
Category Database Management Systems VulnerabilitiesAll VulnerabilitiesDBMS

CVE-2020-11081 Facebook osquery 安全漏洞 -漏洞情报、漏洞详情、安全漏洞、CVE

July 13, 2020
来源:MISC 链接:https://github.com/osquery/osquery/commit/4d4957f12a6aa0becc9d01d9f97061e1e3d809c5 来源:MISC 链接:https://github.com/osquery/osquery/issues/6426 来源:CONFIRM 链接:https://github.com/osquery/osquery/security/advisories/GHSA-2xwp-8fv7-c5pm 来源:MISC 链接:https://github.com/osquery/osquery/pull/6433 来源:MISC 链接:https://github.com/osquery/osquery/releases/tag/4.4.0 来源:nvd.nist.gov 链接:https://nvd.nist.gov/vuln/detail/CVE-2020-11081 Source link
Tags , , , , , , , , , , , , , , , , , , , , , , , , ,
Read More
Category Database Management Systems VulnerabilitiesAll VulnerabilitiesDBMS

Glacies IceHRM SQL注入漏洞

July 13, 2020
Glacies IceHRM是德国Glacies团队的一套人力资源管理系统。该系统包括费用管理、招聘管理、工资管理和休假管理等功能。 Glacies IceHRM 26.6.0.OS版本中的Admin Reports功能存在SQL注入漏洞。该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令。 来源:talosintelligence.com 链接:https://talosintelligence.com/vulnerability_reports/TALOS-2020-1067 来源:nvd.nist.gov 链接:https://nvd.nist. Source link
Tags , , , , , , , , , , , , , , , , , , , , , , ,
Read More
vamtam-theme-circle-post
Category APTFilter CERT-LatestNews Cryptography Cybersecurity-Covid-19 ThreatsActivists ThreatsCybercrime ThreatsEconomic ThreatsStrategic VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesCrypto VulnerabilitiesMicrosoft VulnerabilitiesOS

Weekly security roundup: July 13, 2020

July 13, 2020
Palo Alto Networks has released a security update which addresses severe vulnerability in PAN-OS devices....
Tags , , , , ,
Read More
vamtam-theme-circle-post
Category Applications VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesMozilla

Park Ticketing Management System 1.0 – Authentication Bypass

July 13, 2020
# Exploit Title: Park Ticketing Management System 1.0 - Authentication Bypass # Date: 2020-07-13 #...
Tags ,
Read More
Category Applications VulnerabilitiesAll VulnerabilitiesApplications

Juniper Networks修复防火墙中的严重漏洞 – FreeBuf网络安全行业门户

July 13, 2020
Juniper Networks通知客户,该公司修复了产品中的多个漏洞,大部分漏洞可被用于拒绝服务攻击。 该公司发布了十多则安全公告,描述Juniper产品中的多个漏洞,以及影响第三方组件的数十个安全漏洞。 大部分的漏洞影响Junos OS,但其中一些影响Juniper Secure Analytics,Junos Space和Junos Space Security Director。 Juniper软件中最严重的一个漏洞为CVE-2020-1647,该漏洞是一个超危双重释放漏洞,影响启用ICAP重定向服务的SRX系列防火墙。远程攻击者可通过发送特制的HTTP消息利用该漏洞造成拒绝服务或执行任意代码。 另一个超危漏洞为CVE-2020-1654,该漏洞同样可导致拒绝服务或远程代码执行。该漏洞也影响启用ICAP服务的SRX防火墙,攻击者可借助恶意HTTP消息利用该漏洞。 有6个漏洞被评为高危,所有的漏洞都可被用于拒绝服务攻击,包括持续性攻击。中危漏洞也可被用于拒绝服务攻击。 Juniper...
Tags ,
Read More
vamtam-theme-circle-post
Category Microsoft VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesCrypto VulnerabilitiesMicrosoft

Zoom Patches Legacy Windows Zero-Day Bug

July 13, 2020
Zoom has fixed a zero-day vulnerability announced last week which affects legacy Windows customers. The popular...
Tags , , , , , ,
Read More
vamtam-theme-circle-post
Category Applications VulnerabilitiesAll VulnerabilitiesApplications

Abusing feature to steal your tokens

July 13, 2020
HTTP/1.1 302 Found Server: nginx Date: Sat, 29 Sep 2018 23:36:51 GMT Content-Type: text/html; charset=utf-8...
Read More
vamtam-theme-circle-post
Category CERT-LatestNews Database Management Systems ThreatsCybercrime VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesDBMS

Vulnerability FreeBSD via SCTP-AUTH packet processing

July 13, 2020
The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a...
Tags , , , , ,
Read More
digitpol
scale
element-support
Call Center
+31 55 8448040
element-map
Location

Global

International Cyber Crime Investigation

Digitpol is licensed by the Ministry of Justice: Licence Number POB1557

©Digitpol. All images and content are copyright of Digitpol and can not be used, replicated or reproduced without written permission. 2019.

Privacy  /   Terms and Policy   /   Site map  /   Contact